Big Questions: how real is identity theft?

Big questions_ identity theft

Identity theft. Phishing email. Credit card fraud. All phrases that circle around anyone who does almost anything online. But how likely is it that a scammer will steal your identity? How do criminals try to get the information they need to defraud you? And what can you do to try and prevent identity theft happening?

We spoke to Dr Tanveer Zia, an associate professor and course coordinator in computing at Charles Sturt University (CSU). He’s an expert in information and communications technology (ICT) security and gave us the lowdown on how criminals try and steal your identity.

What are scammers trying to get?

As more and more of our activity – financial, professional and personal – takes place online, the internet is increasingly where scammers target their efforts. But, as Dr Zia pointed out, not all identity theft occurs online.

“Generally, scammers are using identity theft for financial gain. If they are looking to sell your identity, they are looking to get two pieces of information: driver’s licence number or passport number and birth date. If they are looking to make financial transactions in your name, they just need your name, credit card number, expiry date and CCV number.

“In terms of how likely it is that you will be the victim of a scammer, well, it’s pretty likely! Australian Federal Police reports indicate that scammers are stealing an average of $1.6 billion a year from Australians, with the majority (around $900 million) being online credit card fraud, identity theft and scams.

 “However, not all identity theft is online. The more unsophisticated method is simply stealing mail from a mailbox. Most of us don’t lock our mailbox, and even if we do, scammers have ways of extracting personal mail (such as using glued paper to ‘fish’ for letters in post boxes). This is more likely the case for older people. They tend to use the postal service more, even for things like making credit card payments.”

How do scammers ‘phish’ for digital information?

While somewhat more sophisticated, the approach to identity theft, as Dr Zia explained, is not overly complicated.

“Online, phishing emails are a major source of fraudulent activity. This is particularly the case when people are at home. Home systems rarely have the same levels of security protection as business computer networks. More phishing emails get through to home email inboxes. If an email looks like it’s from a reliable source and you click on links, you can get an infection or you are prompted to enter your banking details. And the scammers are getting more and more sophisticated, able to dupe people with authentic-looking email requests.

“Elderly are probably more at risk (often with phone calls where they give over remote access to a computer and a scammer can just look at their cookies and browsing history to get the information they are looking for). However, a lot of people aged 25 to 40, who are considered digital natives, fall prey to these phishing scams as well.

 Financial fraud is often lower-level criminals. But actual identity theft tends to be conducted by larger, organised criminal groups. They won’t use someone’s details straightaway to make purchases. They will harvest lots of people’s details and then sell them on in bulk (typically on the dark web). Alternatively, they will try and source other pieces of information about an individual, so that they can do things like applying for passports or driver’s licence in someone else’s name. These fraudulent documents can then be used for more severe crimes such as human trafficking or child kidnapping.”

How can we protect ourselves against identity theft?

While attempts at identity theft are becoming increasingly common – with things like algorithms able to automate phishing attacks – we can all take some simple steps to try and prevent falling victim to one. Dr Zia highlighted some key strategies.

“The best way for people to keep themselves as safe as possible is not opening any email that looks unusual. Always check the URL of a link that you are being asked to click on and confirm that it is the URL of the organisation it purports to be from.

“Also, enable multi-factor identification, such as an SMS in addition to a PIN number on a card or an email account. Create difficult passwords and change them regularly. For instance, if you lose your phone, some scammers can use infrared technology to see which keys are pressed most often. That makes it easier to determine passwords.

“Further, avoid using public computers or networks for financial transactions. On open wi-fi networks in places like hotels, airports and train stations, hackers can monitor the network traffic, especially if the network has weak encryption.

How to get the skills to protect yourself

“And we believe that making cyber security awareness a part of people’s skill set from an early age is important. That’s why CSU has established the Girls in Cyber Security Advancing (GiCSA) project with funding from the Australian Government. This is a series of three-day workshops for girls in Year 9 or 10 in regional New South Wales to develop cyber security awareness and skills, helping them in their own online use and setting them up for their future career in a technology-focused world, as well as boosting women’s participation in STEM [science, technology, engineering and mathematics] education and careers.

“Given that we are essentially in a knowledge ‘arms race’ between scammers and those trying to prevent them, we need people with understanding of the threats and the ability to innovate solutions to combat them. So at CSU, we regularly review our courses so we include the latest knowledge and skills. At the moment, there is a lot of focus on penetration testing and ethical hacking. So software and hardware designers, and network managers, can try and prevent attacks before they even get to individuals.”

Do you want to fight the scammers?

If you want to work at the cutting edge of cyber security, CSU’s dedicated postgraduate degree – the Master of Cyber Security – will give you the very latest knowledge and skills to fight the scammers. Or perhaps you’d like to design the very latest software to protect people online. Then you could take an information technology course, at undergraduate or postgraduate level.

Contact us so we can help you work out the best option for your career goals.

Ask your big questions

At CSU, we’re all about big ideas; and we’re not afraid to think about some uncomfortable questions. Our academics want to get debate out of the comfort zone to address today’s hottest topics.

Got an issue you’d like our experts to tackle? Is there a big question you feel needs to be asked? Submit your big question on our Twitter or Facebook feeds and use the hashtags #bigquestions #CSU